[plug] "Chroot" a whole system - Printing to the host?

Adrian Chadd adrian at creative.net.au
Fri Jan 5 14:40:53 WST 2007


The idea behind a chroot is that you don't have (legitimate) access to the
directories -above- the chroot point. There are a few exceptions:

* You can hardlink files into the chroot - so you could, for example,
  hard-link the lpd UNIX socket into the chroot and configure lpd to
  use that

* You can still talk to the local services over TCP/IP; which is the "clean"
  way of doing it.

* Various illegitimate ways of breaking out of the chroot. I'm sure your
  family won't use them. :)

I'd suggest investigating VMware, UML or Xen. What you can then do is run
one VM with all the local services and then allow the other VM IPs to talk
to them. Various limitations apply - direct hardware access, for example,
is generally limited to the root domain in Xen but you can grant access to
some device types to the user domains. UML is a bit more flexible IIRC.

HTH,

Adrian

On Fri, Jan 05, 2007, Timothy White wrote:
> When I rebuilt my server, I decided to make things easier, I would
> keep the server as "clean" as possible, and for those extra services,
> have them all in a chroot system (which means for example the server
> is running dapper, but the chroot is edgy).
> So currently, my chroot is getting lots of use, with it being accessed
> by various family members usually using remote X (CygwinX) with
> Xwindows programs. Some things I have now discovered I have no idea
> how to get working in such a chroot system and am starting to wonder
> if it would have been better using a UML.
> 
> For example, printing. How do I set up things in the chroot, to print
> via the cupsd/lpd of the host system? Ideally I don't want to run any
> daemons under the chroot, because then I have to make sure they are
> started when the system is booted, and I have to make sure they don't
> conflict with the host's daemons. I have sorted mail by installing
> ssmtp which just parses everything (via SMTP) to the designated
> mailhub, which just happens to be the host.
> I'm also realising that I may need to rethink what I export from
> the host to the chroot. I now have efax-gtk in the chroot, which works
> a charm mind you (using cups printing to a socket, which is the efax
> program, meaning the windows users can EASILY send faxes). BUT,
> currently that modem is also used for dialup when the ADSL isn't
> operating (or not connected like right now), so I should probably make
> /var/lock shared as well?
> 
> Can anyone think of other directories I need to share, and ways to get
> things like printing from within the chroot working? The host system
> has only xauth in terms of X libraries (just enough that Xforwarding
> works seeing as we still ssh into the main system, then dchroot to the
> chroot).
> 
> Thanks
> 
> Tim
> -- 
> Linux Counter user #273956
> Don't email joeblogs at scouts.org.au

-- 
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level bandwidth-capped VPSes available in WA -
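
Added example, not part of the original post: the hard-link option from the reply, run unprivileged in Python with a stand-in listener instead of lpd and a plain directory standing in for the chroot (all paths and names are constructed). It also shows a caveat of that approach: the link names an inode, so it goes stale when the daemon removes and recreates its socket.

```python
import os
import shutil
import socket
import tempfile


def serve(path):
    """Bind and listen on a UNIX socket at path (stand-in for the host's lpd)."""
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.bind(path)
    s.listen(1)
    return s


def reachable(path):
    """Return True if a client can connect to the UNIX socket at path."""
    c = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        c.connect(path)
        return True
    except OSError:
        return False
    finally:
        c.close()


def demo():
    base = tempfile.mkdtemp()
    host_sock = os.path.join(base, "host", "lpd.sock")    # constructed host path
    jail_sock = os.path.join(base, "jail", "lpd.sock")    # constructed in-chroot path
    os.makedirs(os.path.dirname(host_sock))
    os.makedirs(os.path.dirname(jail_sock))
    try:
        srv = serve(host_sock)
        os.link(host_sock, jail_sock)   # hard links cannot cross filesystems
        same_inode = os.stat(host_sock).st_ino == os.stat(jail_sock).st_ino
        before = reachable(jail_sock)   # in-chroot name reaches the host listener
        # Simulated daemon restart: old socket file removed, new one bound.
        srv.close()
        os.unlink(host_sock)
        srv = serve(host_sock)
        after = reachable(jail_sock)    # link still names the old, dead inode
        host_ok = reachable(host_sock)  # the host path works again
        srv.close()
        return same_inode, before, after, host_ok
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    print(demo())
```

After a daemon restart the link inside the chroot has to be recreated, which is one reason the TCP/IP route in the reply is the easier one to keep working.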
